﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Utils;
using System.Data;
using System.Data.SqlClient;
using Model;

namespace Dao
{
    public class UserDao
    {
        DBConnection dbConnect;
        public UserDao()
        {
            dbConnect = new DBConnection();
        }

        public DataTable getAllUser()
        {
            string sql = "select * from [user]";
            return dbConnect.executeSelectQuery(sql);
        }


        public DataTable getUserByUserName(string username)
        {
            string sql = "select * from [user] where username ='" + username + "'";
            return dbConnect.executeSelectQuery(sql);
        }

        public DataTable adminLogin(string username , string password)
        {

            string sql = "select * from [User] where UserName ='" + username + "' and Password ='" + password + "' and UserType ='admin'";
            return dbConnect.executeSelectQuery(sql);
        }

        public DataTable userLogin(string username, string password)
        {

            string sql = "select * from [User] where username ='" + username + "' and password ='" + password + "' and UserType ='user'";
            return dbConnect.executeSelectQuery(sql);
        }

        public bool insertUser(User user)
        {
            string query = string.Format(@"insert into [User] (username , password , usertype , status , Email) 
                                       values (@username ,@password ,@usertype ,@status , @email)");
            SqlParameter[] sqlParameters = new SqlParameter[5];

            sqlParameters[0] = new SqlParameter("@username", SqlDbType.NVarChar);
            sqlParameters[0].Value = Convert.ToString(user.UserName);

            sqlParameters[1] = new SqlParameter("@password", SqlDbType.NVarChar);
            sqlParameters[1].Value = Convert.ToString(user.Password);

            sqlParameters[2] = new SqlParameter("@usertype", SqlDbType.NVarChar);
            sqlParameters[2].Value = Convert.ToString(user.UserType);

            sqlParameters[3] = new SqlParameter("@status", SqlDbType.NVarChar);
            sqlParameters[3].Value = Convert.ToString(user.Status);

            sqlParameters[4] = new SqlParameter("@email", SqlDbType.NVarChar);
            sqlParameters[4].Value = Convert.ToString(user.Email);

            return dbConnect.executeInsertQuery(query, sqlParameters);
        }

        public bool changePassword(string user , string pass)
        {
            string query = string.Format(@"update [User] set  password =@password where username =@username");
            SqlParameter[] sqlParameters = new SqlParameter[2];
            
            sqlParameters[0] = new SqlParameter("@password", SqlDbType.NVarChar);
            sqlParameters[0].Value = Convert.ToString(pass);

            sqlParameters[1] = new SqlParameter("@username", SqlDbType.NVarChar);
            sqlParameters[1].Value = Convert.ToString(user);

            return dbConnect.executeUpdateQuery(query, sqlParameters);
        }

        public bool updateUserType(string user, string userType)
        {
            string query = string.Format(@"update user set  usertype =@usertype where username =@username");
            SqlParameter[] sqlParameters = new SqlParameter[2];

            sqlParameters[0] = new SqlParameter("@usertype", SqlDbType.NVarChar);
            sqlParameters[0].Value = Convert.ToString(userType);

            sqlParameters[1] = new SqlParameter("@username", SqlDbType.NVarChar);
            sqlParameters[1].Value = Convert.ToString(user);

            return dbConnect.executeUpdateQuery(query, sqlParameters);
        }
    }
}
